A vulnerability was found in mbed TLS up to 3.5.0/4.0.0 and classified as critical . Affected by this issue is some unknown functionality of the component TLS 1.3 Session Handler . Such manipulation leads to privilege escalation. This vulnerability is documented as CVE-2026-34873 . The attack can be executed remotely. There is not any exploit available.